~kick-d/ubuntu/+source/ntp:logical/4.2.6.p5+dfsg-3ubuntu9

Last commit made on 2016-01-22
Get this branch:
git clone -b logical/4.2.6.p5+dfsg-3ubuntu9 https://git.launchpad.net/~kick-d/ubuntu/+source/ntp
Only Kick In can upload to this branch. If you are Kick In please log in for upload directions.

Branch merges

Branch information

Name:
logical/4.2.6.p5+dfsg-3ubuntu9
Repository:
lp:~kick-d/ubuntu/+source/ntp

Recent commits

c8a02ba... by Kick In on 2016-01-14

  * SECURITY UPDATE: symmetric association authentication bypass via
    crypto-NAK
    - debian/patches/CVE-2015-7871.patch: drop unhandled packet in
      ntpd/ntp_proto.c.
    - CVE-2015-7871

da8c14c... by Kick In on 2016-01-14

  * SECURITY UPDATE: denial of service via ASSERT in decodenetnum
    - debian/patches/CVE-2015-7855.patch: simply return fail in
      libntp/decodenetnum.c.
    - CVE-2015-7855

f0f93bb... by Kick In on 2016-01-14

  * SECURITY UPDATE: buffer overflow via custom refclock driver
    - debian/patches/CVE-2015-7853.patch: properly calculate length in
      ntpd/ntp_io.c.
    - CVE-2015-7853

bca2843... by Kick In on 2016-01-14

  * SECURITY UPDATE: ntpq atoascii memory corruption
    - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
      ntpq/ntpq.c.
    - CVE-2015-7852

9af4d3a... by Kick In on 2016-01-14

  * SECURITY UPDATE: denial of service via same logfile and keyfile
    - debian/patches/CVE-2015-7850.patch: rate limit errors in
      include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
      libntp/msyslog.c.
    - CVE-2015-7850

56e59ee... by Kick In on 2016-01-14

  * SECURITY UPDATE: denial of service by spoofed KoD
    - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
    - CVE-2015-7704
    - CVE-2015-7705

a64bbbd... by Kick In on 2016-01-14

  * SECURITY UPDATE: file overwrite via remote pidfile and driftfile
    configuration directives
    - debian/patches/CVE-2015-5196.patch: disable remote configuration in
      ntpd/ntp_parser.y.
    - CVE-2015-5196
    - CVE-2015-7703

b574fc2... by Kick In on 2016-01-14

  * SECURITY UPDATE: memory leak in CRYPTO_ASSOC
    - debian/patches/CVE-2015-7701.patch: add missing free in
      ntpd/ntp_crypto.c.
    - CVE-2015-7701

5afebc5... by Kick In on 2016-01-14

  * SECURITY UPDATE: incomplete autokey data packet length checks
    - debian/patches/CVE-2015-7691.patch: add length and size checks to
      ntpd/ntp_crypto.c.
    - CVE-2015-7691
    - CVE-2015-7692
    - CVE-2015-7702

d8365e5... by Kick In on 2016-01-14

  * SECURITY UPDATE: timeshifting by reboot issue
    - debian/patches/CVE-2015-5300.patch: disable panic in
      ntpd/ntp_loopfilter.c.
    - CVE-2015-5300